Vulnerability Note VU#377804
Multiple Open Software Foundation Distributed Computing Environment (DCE) implementations vulnerable to DoS
Overview
A denial-of-service vulnerability exists in multiple vendor implementations of the Distributed Computing Environment. This vulnerability may allow a remote attacker to cause the service to fail. Note that this vulnerability may be triggered by attackers attempting to exploit VU#568148 and VU#326746.
Description
The Open Group describes the Distributed Computing Environment (DCE) as an "industry-standard, vendor-neutral set of distributed computing technologies." They go on to describe DCE as follows: "DCE provides a complete Distributed Computing Environment infrastructure. It provides security services to protect and control access to data, name services that make it easy to find distributed resources, and a highly scalable model for organizing widely scattered users, services, and data. DCE runs on all major computing platforms and is designed to support distributed applications in heterogeneous hardware and software environments."
Impact
A remote attacker may be able to cause the DCE service to either hang or terminate, which will effectively make it impossible for DCE clients to communicate with the DCE server.
Solution
Apply a patch.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Cray Inc. | Affected | 05 Aug 2003 | 06 Aug 2003 |
| Entegrity Solutions Corp | Affected | - | 07 Aug 2003 |
| Hewlett-Packard Company | Affected | 05 Aug 2003 | 18 Aug 2003 |
| IBM | Affected | 05 Aug 2003 | 08 Aug 2003 |
| Apple Computer Inc. | Not Affected | 05 Aug 2003 | 07 Aug 2003 |
| F5 Networks | Not Affected | 05 Aug 2003 | 08 Aug 2003 |
| Foundry Networks Inc. | Not Affected | - | 06 Aug 2003 |
| Ingrian Networks | Not Affected | 05 Aug 2003 | 08 Aug 2003 |
| Juniper Networks | Not Affected | 05 Aug 2003 | 08 Aug 2003 |
| Lotus Software | Not Affected | 05 Aug 2003 | 11 Aug 2003 |
| Microsoft Corporation | Not Affected | 05 Aug 2003 | 07 Aug 2003 |
| NetBSD | Not Affected | 05 Aug 2003 | 08 Aug 2003 |
| Openwall GNU/*/Linux | Not Affected | 05 Aug 2003 | 13 Aug 2003 |
| Sun Microsystems Inc. | Not Affected | 05 Aug 2003 | 14 Aug 2003 |
| 3Com | Unknown | 05 Aug 2003 | 06 Aug 2003 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
Credit
This document was written by Ian A Finlay.
Other Information
- CVE IDs: Unknown
- Date Public: 07 Aug 2003
- Date First Published: 08 Aug 2003
- Date Last Updated: 18 Aug 2003
- Severity Metric: 22.78
- Document Revision: 17